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CLAIMS 

What is claimed is: 

1 . A method of processing a data packet, the method comprising: 
receiving the data packet at a network device; 

determining whether a multiple-key decision cache is hit by the data 
packet; 

applying at least one cached action if the decision cache is hit; and 
processing the data packet using software routines if the decision cache 
is missed. 

2. The method of claim 1 , further comprising, prior to determining whether 
the multiple-key decision cache is hit: 

determining whether hardware circuitry of the network device is capable 

of processing the data packet; and 
processing the data packet using the hardware circuitry if the hardware 

circuitry is determined to be capable. 

3. The method of claim 1 , further comprising, subsequent to processing the 
data packet using the software routines: 

determining whether action performed by the software routines is 
programmable into the multiple-key decision cache; and 

programming a new entry into the multiple-key decision cache if the action 
performed is programmable. 

4. The method of claim 3, wherein a hash value relating to multiple fields in 
the data packet is used in programming the new entry. 

5. The method of claim 1 , wherein determining whether the multiple-key 
decision cache is hit comprises: 

generating a hash value from multiple fields in the data packet; and 
using the hash value generated to index into the multiple-key decision 
cache. 



The method of claim 5, wherein the hash value is generated by applying 
an exclusive-or operation to a source IP address and a destination IP 
address in the data packet. 

The method of claim 5, wherein 

if the hash entry is valid in the multiple-key decision cache, then 

detemnlning whether pertinent fields of the data packet exactly 
match corresponding fields of the entry; and 

if the pertinent fields exactly match, then providing a result that the 
decision cache is hit. 

The method of claim 1 , wherein search keys for the decision cache 
include source and destination IP addresses. 

The method of claim 8, wherein the search keys further include an 
inbound VLAN identifier. 

The method of claim 1 , search keys for the decision cache include source 
MAC addresses. 

The method of claim 1 , wherein if a modification of a pertinent table is 
detected, then the decision cache is cleared and populated if possible. 

The method of claim 1 1 , wherein the pertinent table comprises a table 
from a group of tables including a network address translation (NAT) 
table, an access control list (ACL), a network layer 3 forwarding table, and 
a network layer 2 forwarding table. 

The method of claim 1 /wherein if a modification of a forwarding table is 
detected, then the decision cache is cleared. 

The method of claim 1 , wherein if a modification of a pertinent table is 
detected, then a corresponding entry in the decision cache is cleared. 



The method of claim 1. wherein if a modification of a pertinent table is 
detected, then a corresponding entry in the decision cache is updated. 

A network apparatus comprising: 

a plurality of ports configured to receive data packets; 

software routines configured to process the data packets; 

a multiple-key decision cache including multiple key fields and action(s) 
corresponding thereto; and 

logic configured to detemiine whether the multiple-key decision cache is 
hit by a data packet, to apply at least one cached action if the 
decision cache is hit, and to process the data packet using the 
software routines if the decision cache is missed. 

The apparatus of claim 16, further comprising: 

hardware configured to rapidly process a subset of the data packets; and 
hardware logic configured to determine whether the hardware circuitry is 
capable of processing the data packet, and to process the data 
packet using the hardware circuitry if the hardware circuitry is 
detennined to be capable, prior to detemiining whether the 
multiple-key decision cache is hit. 

A method of processing a data packet, the method comprising: 

receiving the data packet at a network device; 

determining whether hardware of the network device is capable of 

processing the data packet; 
if the hardware circuitry is determined to be capable, then processing the 

data packet using the hardware; 
otherwise, determining whether a decision cache is hit by the data packet; 
applying at least one cached action if the decision cache is hit; 
processing the data packet using software routines if the decision cache 

is missed; 
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determining whether action perfomied by the software routines is 
programmable into the multiple-key decision cache; and 

programming a new entry into the multiple-key decision cache if the action 
performed is programmable. 

19. The method of claim 18, 

wherein a hash value relating to multiple fields in the data packet is used 

in programming the new entry, 
wherein if the hash value matches an entry in the multiple-key decision 

cache, then determining whether pertinent fields of the data packet 

exactly match corresponding fields of the entry, and 
wherein if the pertinent fields exactly match, then providing a result that 

the decision cache is hit. 

20. The method of claim 19, wherein the hash value is generated by applying 
a hash function to source and destination IP addresses. 
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